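<?php
/**
 * Delete-record page: lets the logged-in student delete their own row from
 * the `students` table, identified by the `xh` query parameter.
 *
 * All request handling runs before any HTML is emitted, so the redirects
 * below can still send a Location header without relying on output buffering.
 *
 * NOTE(review): the delete is triggered by a GET request and carries no
 * anti-CSRF token, so any third-party page the logged-in user loads could
 * issue it on their behalf. Moving to POST with a session-bound token needs a
 * matching change in whichever page links here, so it is flagged rather than
 * changed in this file.
 */
session_start();

// Not logged in (key missing or empty): redirect to the login page and stop.
// empty() avoids the undefined-index warning the bare lookup raises when
// 'user' is absent from the session.
if (empty($_SESSION['user'])) {
    header('location: login.php');
    exit;
}
$u = $_SESSION['user']; // profile of the currently logged-in user

// Always defined so the template below never reads an unset variable.
$errMsg = '';

if (isset($_GET['xh'])) { // a record id was submitted
    try {
        $xh = $_GET['xh'];

        // Authorization: only the owner may delete the record. The strict
        // comparison also rejects non-string input such as xh[]=...
        if ($xh !== ($u['xh'] ?? null)) {
            throw new DomainException('你不能删除别人的记录~');
        }

        // NOTE(review): connects as MySQL root with the password embedded in
        // source. Credentials belong in configuration outside the web root,
        // used by a least-privilege account limited to this schema.
        $db = new PDO(
            'mysql:host=localhost;dbname=db',
            'root',
            '12qwas',
            // Explicit exception mode: before PHP 8 the default was silent,
            // so a failed DELETE would still have redirected as if it worked.
            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
        );
        $ps = $db->prepare("delete from students where xh=?");
        $ps->execute(array($xh));

        // NOTE(review): the session still holds the deleted user's profile
        // after this point; confirm whether the user should be logged out.
        header("location: index.php");
        exit;
    } catch (DomainException $e) {
        // Our own, user-safe message.
        $errMsg = $e->getMessage();
    } catch (Throwable $e) {
        // Driver/connection errors can reveal host, account or schema
        // details: keep them in the server log and show a generic message.
        error_log('delete record failed: ' . $e->getMessage());
        $errMsg = '删除失败，请稍后再试。';
    }
}
?><!doctype html>
<html>
<head>
    <meta charset="UTF-8">
    <title>删除记录</title>
    <style>
        h1{ color:red;}
        .errMsg{
            color: red;
            font-weight: bold;
        }
    </style>

</head>
<body>
<h1>删除用户</h1>
<div class="errMsg"><?= htmlspecialchars($errMsg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
</body>
</html>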